If you want to use an ACM certificate to secure your website, you'll need to associate it with a load balancer or CloudFront distribution, and then put that in front of your EC2 instance: https://repost.aws/knowledge-center/configure-acm-certificates-ec2
Specific details about load balancers: https://repost.aws/knowledge-center/associate-acm-certificate-alb-nlb
And CloudFront: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/DownloadDistS3AndCustomOrigins.html#concept_CustomOrigin
Both of these will incur additional costs. If you want to limit your costs, then consider getting a Let's Encrypt certificate and using that directly in the Nginx config on your EC2 instance: https://aws.amazon.com/blogs/compute/extending-amazon-linux-2-with-epel-and-lets-encrypt/ (a bit out of date) as well as https://letsencrypt.org/getting-started/
To secure it, you can install an SSL/TLS cert on your EC2 Nginx server for HTTPS.
On most Linux OSs, you can install certbot and python3-certbot-dns-route53, and use them to obtain a Let's Encrypt TLS cert with Route53 automatically.
sudo dnf install -y certbot python3-certbot-dns-route53
Replace dnf with apt if you are on Ubuntu.
Assign Route53 permission (e.g. AmazonRoute53FullAccess) to your EC2 IAM role.
Since you have already created the www.MyDomain.com DNS A record pointing to your EC2 public IP, run certbot on your Linux EC2 instance to request and auto-install the TLS cert on your Nginx web server, e.g.
sudo certbot --dns-route53 --installer nginx --agree-tos -d www.MyDomain.com
See screenshot below
If the above does not work, request the cert and manually install it in your Nginx, e.g. sudo certbot certonly --dns-route53 or sudo certbot certonly
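For the IAM step above, a narrower policy than AmazonRoute53FullAccess is enough: the certbot-dns-route53 documentation lists only route53:ListHostedZones, route53:GetChange and route53:ChangeResourceRecordSets. The following is an added example, not part of the original answer; the hosted zone ID, role name and policy name are placeholders, and the condition block additionally limits changes to the ACME challenge TXT record for the one domain.

```shell
#!/bin/sh
# Added example: emit a least-privilege IAM policy for certbot's dns-route53
# plugin, as an alternative to attaching AmazonRoute53FullAccess.
# Zone ID, role name and policy name below are placeholders (assumptions).

# Usage: certbot_route53_policy <hosted-zone-id> <domain>
certbot_route53_policy() {
    zone_id=$1
    # Route 53 evaluates the condition against the normalized record name:
    # lower case, no trailing dot.
    domain=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    domain=${domain%.}

    # Reject anything that is not a plain zone ID or hostname so the
    # generated JSON cannot be broken by stray quotes or spaces.
    case $zone_id in ''|*[!A-Za-z0-9]*) echo "bad zone id" >&2; return 1 ;; esac
    case $domain in ''|*[!a-z0-9.-]*) echo "bad domain" >&2; return 1 ;; esac

    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["route53:ListHostedZones", "route53:GetChange"],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "route53:ChangeResourceRecordSets",
      "Resource": "arn:aws:route53:::hostedzone/${zone_id}",
      "Condition": {
        "ForAllValues:StringEquals": {
          "route53:ChangeResourceRecordSetsNormalizedRecordNames": ["_acme-challenge.${domain}"],
          "route53:ChangeResourceRecordSetsRecordTypes": ["TXT"]
        }
      }
    }
  ]
}
EOF
}

# Example (placeholders): write the policy, then attach it inline to the role.
#   certbot_route53_policy YOURHOSTEDZONEID www.MyDomain.com > certbot-r53.json
#   aws iam put-role-policy --role-name YOUR-EC2-ROLE \
#       --policy-name certbot-dns-route53 --policy-document file://certbot-r53.json
```

With this policy attached, a compromised web server can only write the `_acme-challenge` TXT record for that one name rather than edit every record in every hosted zone.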
Hello.
If you do not use ALB, try using Let's Encrypt, which can issue SSL certificates for free, instead of ACM.
Please refer to the following blog for information on how to issue a certificate.
https://medium.com/@vinoji2005/guide-to-setup-lets-encrypt-ssl-in-nginx-be3d641bb58a
Ohhh ok, so I do have to use a load balancer, or else I have to use the Let's Encrypt method that is mentioned in the other answers. Well, I guess I have to use a load balancer. But I am curious, what is the article I shared about? It only created ACM and added it into my hosted zone; that's all I could understand.
The aws.plainenglish.io article is just plain wrong. There is nothing in there that will associate an ACM certificate with your EC2 website, because it can't be done.
The AWS services that can integrate with ACM are here https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html